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2 Location-Based Data Access Control 

3 

4 Field of the Invention 

5 The present invention relates to location-based control of the access to data stored on a 

6 removable data carrier or contained in a received data file. 
7 

8 Background of the Invention 

9 Communication infrastructures suitable for mobile users (in particular, though not 

10 exclusively, cellular radio infrastructures) have now become widely adopted. Whilst the 

1 1 primary driver has been mobile telephony, the desire to implement mobile data-based 

1 2 services over these infrastructures, has led to the rapid development of data-capable bearer 

1 3 services across such infrastructures. This has opened up the possibility of many Internet- 

14 based services being available to mobile users. 
15 

16 By way of example, Figure 1 shows one form of known communication infrastructure for 

1 7 mobile users providing both telephony and data-bearer services. In this example, a mobile 

1 8 entity 20, provided with a radio subsystem 22 and a phone subsystem 23, communicates 

1 9 with the fixed infrastructure of GSM PLMN (Public Land Mobile Network) 1 0 to provide 

20 basic voice telephony services. In addition, the mobile entity 20 includes a data-handling 

21 subsystem 25 interworking, via data interface 24, with the radio subsystem 22 for the 

22 transmission and reception of data over a data-capable bearer service provided by the 

23 PLMN; the data-capable bearer service enables the mobile entity 20 to communicate with 

24 a service system 40 connected to the public Internet 39. The data handling subsystem 25 

25 supports an operating environment 26 in which applications run, the operating 

26 environment including an appropriate communications stack. 
27 

28 More particularly, the fixed infrastructure 10 of the GSM PLMN comprises one or more 

29 Base Station Subsystems (BSS) 1 1 and a Network and Switching SubsystemNSS 12. Each 

30 BSS 11 comprises a Base Station Controller (BSC) 14 controlling multiple Base 
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1 Transceiver Stations (BTS) 13 each associated with a respective "cell" of the 

2 radio network. When active, the radio subsystem 22 of the mobile entity 20 communicates 

3 via a radio link with the BTS 13 of the cell in which the mobile entity is currently located. 

4 As regards the NSS 12, this comprises one or more Mobile Switching Centers (MSC) 15 

5 together with other elements such as Visitor Location Registers 32 and Home Location 

6 Register 32. 
7 

8 When the mobile entity 20 is used to make a normal telephone call, a traffic circuit for 

9 carrying digitised voice is set up through the relevant BSS 1 1 to the NSS 12 which is then 

10 responsible for routing the call to the target phone (whether in the same PLMN or in 

1 1 another network). 
12 

13 With respect to data transmission to/from the mobile entity 20, in the present example 

1 4 three different data-capable bearer services are depicted though other possibilities exist. A 

1 5 first data-capable bearer service is available in the form of a Circuit Switched Data (CSD) 

1 6 service; in this case a full traffic circuit is used for carrying data and the MSC 32 routes the 

17 circuit to an Inter Working Function IWF 34 the precise nature of which depends on what 

18 is connected to the other side of the IWF. Thus, IWF could be configured to provide direct 

19 access to the public Internet 39 (that is, provide functionality similar to an IAP - Internet 

20 Access Provider IAP). Alternatively, the IWF could simply be a modem connecting to a 

21 PSTN; in this case, Internet access can be achieved by connection across the PSTN to a 

22 standard IAP. 
23 

24 A second, low bandwidth, data-capable bearer service is available through use of the Short 

25 Message Service that passes data carried in signalling channel slots to an SMS unit which 

26 can be arranged to provide connectivity to the public Internet 39. 
27 

28 A third data-capable bearer service is provided in the form of GPRS (General Packet Radio 

29 Service which enables IP (or X.25) packet data to be passed from the data handling system 

30 of the mobile entity 20, via the data interface 24, radio subsystem 21 and relevant BSS 1 1, 
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1 to a GPRS network 17 of the PLMN 10 (and vice versa). The GPRS network 17 

2 includes a SGSN (Serving GPRS Support Node) 18 interfacing BSC 14 with the network 

3 17, and a GGSN (Gateway GPRS Support Node) interfacing the network 17 with an 

4 external network (in this example, the public Internet 39). Full details of GPRS can be 

5 found in the ETSI (European Telecommunications Standards Institute) GSM 03.60 

6 specification. Using GPRS, the mobile entity 20 can exchange packet data via the BSS 1 1 

7 and GPRS network 17 with entities connected to the public Internet 39. 
8 

9 The data connection between the PLMN 10 and the Internet 39 will generally be through 

10 a firewall 35 with proxy and/or gateway functionality. 
11 

12 Different data-capable bearer services to those described above may be provided, the 

13 described services being simply examples of what is possible. 
14 

15 In Figure 1, a service system 40 is shown connected to the Internet 40, this service system 

1 6 being accessible to the OS/application 26 running in the mobile entity by use of any of the 

17 data-capable bearer services described above. The data-capable bearer services could 

18 equally provide access to a service system that is within the domain of the PLMN 

19 operator or is connected to another public or private data network. 
20 

21 With regard to the OS/application software 26 running in the data handling subsystem 25 

22 of the mobile entity 20, this could, for example, be a WAP application running on top of 

23 a 

24 WAP stack where "WAP" is the Wireless Application Protocol standard. Details of WAP 

25 can be found, for example, in the book "Official Wireless Application Protocol" Wireless 

26 Application Protocol Forum, Ltd published 1 999 Wiley Computer Publishing. Where the 

27 OS/applicationsoftware is WAP compliant, the firewall will generally also serve as a WAP 

28 proxy and gateway. Of course, OS/application 26 can comprise other functionality (for 

29 example, an e-mail client) instead of, or additional to, the WAP functionality. 
30 
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1 The mobile entity 20 may take many different forms. For example, it could be two 

2 separate units such as a mobile phone (providing elements 22-24) and a mobile PC (data- 

3 handling system 25) coupled by an appropriate link (wireline, infrared or even short range 

4 radio system such as Bluetooth). Alternatively, mobile entity 20 could be a single unit such 

5 as a mobile phone with WAP functionality. Of course, if only data transmission/reception 

6 is required (and not voice), the phone functionality 24 can be omitted; an example of this 

7 is a PDA with built-in GSM data-capable functionality whilst another example is a digital 

8 camera (the data-handling subsystem) also with built-in GSM data-capable functionality 

9 enabling the upload of digital images from the camera to a storage server. 
10 

1 1 Whilst the above description has been given with reference to a PLMN based on GSM 

12 technology, it will be appreciated that many other cellular radio technologies exist and can 

13 typically provide the same type of functionality as described for the GSM PLMN 10. 
14 

15 

16 Recently, much interest has been shown in "location-based", "location-dependent", or 

1 7 "location-aware" services for mobile users, these being services that take account of the 

1 8 current location of the user (or other mobile party). The most basic form of this service is 

1 9 the emergency location service whereby a user in trouble can press a panic button on their 

20 mobile phone to send an emergency request- for-assistance message with their location data 

2 1 appended. Another well known location-based service is the provision of traffic and route- 

22 guiding information to vehicle drivers based on their current position. A further known 

23 service is a "yellow pages" service where a user can find out about amenities (shops, 

24 restaurants, theatres, etc.) local to their current location. The term "location-aware 

25 services" will be used herein to refer generically to these and similar services where a 

26 location dependency exists. 
27 

28 Location-aware services all require user location as an input parameter. A number of 

29 methods already exist for determining the location of a mobile user as represented by an 

30 associated mobile equipment. Example location-determiningmethods will now be described 
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1 with reference to Figures 2 to 5. As will be seen, some of these methods result in the 

2 user knowing their location thereby enabling them to transmit it to a location-aware service 

3 they are interested in receiving, whilst other of the methods result in the user's location 

4 becoming known to a network entity from where it can be supplied directly to a location- 

5 aware service (generally only with the consent of the user concerned). It is to be 

6 understood that additional methods to those illustrated in Figures 2 to 5 exist. 
7 

8 As well as location determination, Figures 2 to 5 also illustrate how the mobile entity 

9 requests a location-aware service provided by service system 40. In the present examples, 

1 0 the request is depicted as being passed over a cellular mobile network (PLMN 1 0) to the 

1 1 service system 40. The PLMN is, for example, similar to that depicted in Figure 1 with the 

12 service request being made using a data-capable bearer service of the PLMN. The service 

1 3 system 40 may be part of the PLMN itself or connected to it through a data network such 

14 as the public Internet. It should, however, be understood that infrastructure other than a 

1 5 cellular network may alternatively be used for making the service request 
16 

1 7 The location-determining method illustrated in Figure 2 uses an inertial positioning system 

18 50 provided in the mobile entity 20A, this system 50 determining the displacement of the 

1 9 mobile entity from an initial reference position. When the mobile entity 20A wishes to 

20 invoke a location-aware service, it passes its current position to the corresponding service 

21 system 40 along with the service request 51. This approach avoids the need for an 

22 infrastructure to provide an external frame of reference; however, cost, size and long-term 

23 accuracy concerns currently make such systems unattractive for incorporation into mass- 

24 market handheld devices. 
25 

26 Figure 3 shows two different location-determiningmethods both involving the use of local, 

27 fixed-position, beacons here shown as infra-red beacons IRD though other technologies, 

28 such as short-range radio systems (in particular, "Bluetooth" systems) may equally be 

29 used. The right hand half of Figure 3 show a number of independent beacons 55 that 

30 continually transmit their individual locations. Mobile entity 20B is arranged to pick up 
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1 the transmissions from a beacon when sufficiently close, thereby establishing its 

2 position to the accuracy of its range of reception. This location data can then be appended 

3 to a request 59 made by the mobile entity 20B to a location-aware service available from 

4 service system 40. A variation on this arrangement is for the beacons 55 to transmit 

5 information which whilst not directly location data, can be used to look up such data (for 

6 example, the data may be the Internet home page URL of a store housing the beacon 55 

7 concerned, this home page giving the store location - or at least identity, thereby enabling 

8 look-up of location in a directory service). 
9 

10 In the left-hand half of Figure 3, the IRB beacons 54 are all connected to a network that 

1 1 connects to a location server 57. The beacons 54 transmit a presence signal and when 

12 mobile entity 20C is sufficiently close to a beacon to pick up the presence signal, it 

13 responds by sending its identity to the beacon. (Thus, in this embodiment, both the 

14 beacons 54 and mobile entity 20C can both receive and transmit IR signals whereas 

1 5 beacons 55 only transmit, and mobile entity 20B only receives, IR signals). Upon a beacon 

16 54 receiving a mobile entity's identity, it sends out a message over network 56 to location 

1 7 server 57, this message linking the identity of the mobile entity 20C to the location of the 

1 8 relevant beacon 54. Now when the mobile entity wishes to invoke a location-aware service 

1 9 provided by the service system 40, since it does not know its location it must include it's 

20 identity in the service request 5 8 and rely on the service system 40 to lookup the current 

2 1 location of the mobile entity in the location server 57. Because location data is personal and 

22 potentially very sensitive, the location server 57 will generally only supply location data 

23 to the service system 40 after the latter has produced an authorizing token supplied by the 

24 mobile entity 20B in request 58. It will be appreciated that whilst service system 40 is 

25 depicted as handling service requests form both types of mobile entity 20 B and 20C, 

26 separate systems 40 may be provided for each mobile type (this is likewise true in respect 

27 of the service systems depicted in Figures 4 and 5). 
28 

29 Figure 4 depicts several forms of GPS location-determining system. On the left-hand side 

30 of Figure 4, a mobile entity 20D is provided with a standard GPS module and is capable 
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1 of determining the location of entity 2 OD by picking up signals from satellites 60. The 

2 entity 20D can then supply this location when requesting, in request 61, a location-aware 

3 service from service system 40. 
4 

5 The right-hand side of Figure 4 depicts, in relation to mobile entity 20E, two ways in 

6 which assistance can be provided to the entity in deriving location from GPS satellites. 

7 Firstly, the PLMN 1 0 can be provided with fixed GPS receivers 62 that each continuously 

8 keep track of the satellites 60 visible from the receiver and pass information in messages 

9 63 to local mobile entities 20E as to where to look for these satellites and estimated signal 

10 arrival times; this enables the mobile entities 20E to substantially reduce acquisition time 

11 for the satellites and increase accuracy of measurement (see "Geolocation Technology 

12 Pinpoints Wireless 911 calls within 15 Feet" l-Jul-99 Lucent Technologies, Bell Labs). 

1 3 Secondly, as an alternative enhancement, the processing load on the mobile entity 20E can 

14 be reduced and encoded jitter removed using the services of network entity 64 (in or 

1 5 accessible through PLMN 1 0). 
16 

1 7 One the mobile unit 20E has determined its location, it can pass this information in request 

1 8 65 when invoking a location-aware service provided by service system 40. 
19 

20 Figure 5 depicts two general approaches to location determination from signals present in 

21 a cellular radio infrastructure. First, it can be noted that in general both the mobile entity 

22 and the network will know the identity of the cell in which the mobile entity currently 

23 resides, this information being provided as part of the normal operation of the system. 

24 (Although in a system such as GSM, the network may only store current location to a 

25 resolution of a collection of cells known as a "location area", the actual current cell ID will 

26 generally be derivable from monitoring the signals exchanged between the BSC 14 and the 

27 mobile entity). Beyond current basic cell ID, it is possible to get a more accurate fix by 

28 measuring timing and/or directional parameters between the mobile entity and multiple 

29 BTSs 13, these measurement being done either in the network or the mobile entity (see, for 

30 example, International Application WO 99/04582 that describes various techniques for 
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1 effecting location determinationin the mobile and WO 99/55114 that describes location 

2 determination by the mobile network in response to requests made by location-aware 

3 applications to a mobile location center - server- of the mobile network). 
4 

5 The left-hand half of Figure 5 depicts the case of location determination being done in the 

6 mobile entity 20F by, for example, making Observed Time Difference (OTD) 

7 measurements with respect to signals from BTSs 13 and calculating location using a 

8 knowledge of BTS locations. The location data is subsequently appended to a service 

9 request 66 sent to service system 40 in respect of a location-aware service. The calculation 

10 load on mobile entity 20F could be reduced and the need for the mobile to know BTS 

1 1 locations avoided, by having a network entity do some of the work. The right-hand half of 

12 Figure 5 depicts the case of location determination being done in the network, for example, 

13 by making Timing Advance measurements for three BTSs 13 and using these 

14 measurements to derive location (this derivation typically being done in a unit associated 

15 with BSC 14). The resultant location data is passed to a location server 67 from where it 

16 can be made available to authorised services. As for the mobile entity 20C in Figure 3, 

1 7 when the mobile entity 20G of Figure 5 wishes to invoke a location-aware service available 

18 on service system 50, it sends a request 69 including an authorisation token and its ID 

19 (possible embedded in the token) to the service system 40; the service system then uses 

20 the authorisation token to obtain the current location of the mobile entity 20G from the 

21 location server 67. 
22 

23 In the above examples, where the mobile entity is responsible for determining location, this 

24 will generally be done only at the time the location-aware service is being requested. Where 

25 location determination is done by the infrastructure, it may be practical for systems 

26 covering only a limited number of users (such as the system illustrated in the left-hand half 

27 of Figure 2 where a number of infrared beacons 54 will cover a generally fairly limited) for 

28 location-data collection to be done whenever a mobile entity is newly detected by an IRB, 

29 this data being passed to location server 57 where it is cached for use when needed. 

30 However, for systems covering large areas with potentially a large number of mobile 
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1 entities, such as the Figure 5 system, it is more efficient to effect location 

2 determination as and when there is a perceived need to do so; thus, location determination 

3 may be triggered by the location server 67 in response to the service request 68 from the 

4 mobile entity 20G or the mobile entity may, immediately prior to making request 68, 

5 directly trigger BSC 14 to effect a location determination and feed the result to location 

6 server 67. 
7 

8 Further with respect to the location servers 57, 67, whilst access authorisation by location- 

9 aware services has been described as being through authorisation tokens supplied by the 

10 mobile entities concerned, other authorisation techniques can be used. In particular, a 

11 location-aware service can be prior authorised with the location server in respect of 

12 particular mobile entities; in this case, each request from the service for location data needs 

13 only to establish that the request comes from a service authorised in respect of the mobile 

14 entity for which the location data is requested. 
15 

16 As already indicated, Figures 2 to 5 depict only some examples of how location 

1 7 determination can be achieved, there being many other possible combinations of technology 

1 8 used and where in the system the location-determiningmeasurementsare made and location 

19 is calculated, stored and used .Thus, the location-aware service may reside in the mobile 

20 entity whose location is of interest, in a network-connected service system 40 (as 

21 illustrated), or even in another mobile entity. Furthermore, whilst in the examples of 

22 Figures 2 to 5, invocation of the location- aware service has been by the mobile entity 

23 whose location is of interest, the nature of the location-aware service may be such that it 

24 is invoked by another party (including, potentially, the PLMN itself). In this case, unless 

25 the invoking party already knows the location of he mobile entity and can pass this 

26 information to the location-aware service (which may, for example, may be situation where 

27 the PLMN invokes the service), it is the location-aware service that is responsible for 

28 obtaining the required location data, either by sending a request to the mobile entity itself 

29 or by requesting the data from a location server. Unless the location server already has the 

30 needed information in cache, the server proceeds to obtain the data either by interrogating 
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1 the mobile entity or by triggering infrastructure elements to locate the mobile. 

2 For example, where a location-aware service running on service system 40 in Figure 5 needs 

3 to find the location of mobile 20G, it could be arranged to do so by requesting this 

4 information from location server 67 which in turn requests the location data from the 

5 relevant BSC, the latter then making the necessary determination using measurements from 

6 BTSs 13. 
7 

8 Although in the foregoing, the provision of location data through the mobile radio 

9 infrastructure to the mobile entity has been treated as a service effected over a data-capable 

1 0 bearer channel, it may be expected that as location data becomes considered a basic element 

11 of mobile radio infrastructure services, provision will be made in the relevant mobile radio 

12 standards for location data to be passed over a signalling channel to the mobile entity. 
13 

14 It is an object of the present invention to provide an improved way of restricting access 

15 to electronic content data by using location information. 
16 

17 Summary of the Invention 

1 8 According to one aspect of the present invention, there is provided a control method for 

1 9 an item of equipment that is provided with particular functionality for using target data on 

20 a removable data carrier or in a received data file, the method involving testing a location 

21 condition by: 

22 (a) sending identity information identifying said target data from the equipment to a 



23 remote service system; 

24 (b) using the identity information at the service system to retrieve 'authorized-location 

25 data that is associated with the targetdata and represents a predetermined authorized 

26 location or locality for operation of said particular functionality of the equipment in 

27 relation to the associated target data; 

28 (c) obtaining at the service system current-location data representing the current location 

29 of the equipment as determined by means other than the equipment itself; and 
30 
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1 (d) comparing the current-location data with the authorized-location data and 

2 generating a location-match signal upon this comparison indicating that the 

3 equipment is currently located in an authorized location or locality. 
4 

5 According to a second aspect of the present invention, there is provided a service system 

6 for determining when an item of equipment is located at a location where particular 

7 functionality of the equipment is authorised for use in accessing target data provided on 

8 a removable data carrier or in a received data file, the service system comprising: 



9 - a communications sub-system for communicating with said equipment both to 

1 0 receive therefrom identity information concerning said target data, and to return to 

11 the equipment enablement signals for enabling said particular functionality for 

1 2 accessing the target data; 

13 - a location-obtaining arrangement for obtaining current-location data representing the 

14 current location of the equipment; 

15 - a store for storing in association with identity data, authorized-location data 

16 representing a predetermined authorized location or locality for operation of said 

1 7 particular functionality of the equipment; 

18 - a data retrieval arrangement for using identity information received from the 

1 9 equipment via the communication sub-system to access the authorized-locationdata 

20 held in said store in respect of identity data matches the identity information; and 

21 - a comparison arrangement for comparing the current-location data with the accessed 

22 authorized-location data whereby to generate a location-match signal upon this 

23 comparison indicating that the equipment is currently located in said authorised 

24 location or locality. 
25 

26 



27 Brief Description of the Drawings 

28 A method and service-system, both embodying the present invention, for location-based 

29 equipment control, will now be described, by way of non-limiting example, with reference 

30 to the accompanying diagrammatic drawings, in which: 
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1 . Figure 1 is a diagram of a known communications infrastructure usable for 

2 transferring voice and data to/from a mobile entity; 

3 • Figure 2 is a diagram illustrating one known approach to determining the location of 

4 a mobile entity, this approach involving providing the entity with an 

5 inertial positioning system; 

6 • Figure 3 is a diagram illustrating another known approach to determining the location 

7 of a mobile entity, this approach being based on proximity of the mobile 

8 entity to fixed-position local beacons; 

9 . Figure 4 is a diagram illustrating a further known approach to determining the 

10 location of a mobile entity, this approach involving the use of GPS 

1 1 satellites; 

12 . Figure 5 is a diagram illustrating a still further approach to determining the location 

13 of a mobile entity, this approach being based on the use of signals present 

14 in a cellular mobile radio communications system; 

15 . Figure 6 is a diagram illustrating an arrangement in which a mobile device itself 

16 checks whether it is authorized in its current location to use data provided 

1 7 on a removable data carrier; and 

1 8 . Figure 7 is a diagram illustrating an embodiment of the invention in which a mobile 

19 device uses a service system to check whether it is authorized in its current 

20 location to use data provided on a removable data carrier. 
21 

22 Best Mode of Carrying Out the Invention 

23 In certain situations it can be desirable to be able to restrict access to certain information 

24 media and data files such that they could only be read at particular locations (inside a 

25 secure building, for example). As will be described below, embodiments of the present 

26 invention provide ways of achieving this objective by deriving the location of the 

27 equipment used to access the information media / data files concerned and comparing this 
2 8 location with predetermined authorized-locations data that specifies where the equipment, 
29 or where the media/file, are authorized for use. Where this comparison determines that the 
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1 equipment (or at least one function of the equipment) can legitimately be used, 

2 appropriate enablement signals are generated to enable the corresponding equipment 

3 functions. 
4 

5 Current location data about the equipment may be derived by the equipment itself or by 

6 a communications infrastructure (e.g. cellular radio network) with which the equipment 

7 communicates. As regards the authorised-locations data, this can be: 



8 - held in the equipment (and potentially modifiable under password control); 

9 - embedded in "content" (removable information media, received data file) which the 

1 0 equipment is intended to process in some way at authorised locations; 

11 - held at a remote server to which the equipment must refer; in this case, a reference 

12 identifying what authorised-locations data is relevant must be passed to the server 

13 (this reference could identify the equipment, a particular user, or the "content" 

14 concerned). The identifying reference may be provided from the equipment itself or 

1 5 from the communications infrastructureif known to the latter (which may well be the 

16 case if the reference concerns the identity of the equipment or user). 



1 7 The comparison of equipment current location and the authorized location data can be 

1 8 effected at the equipment itself or at a remote authorization server; in this latter case, the 

1 9 server returns an authorization code only when the equipment location corresponds to the 

20 authorized location data. 
21 

22 Conditions additional to location can also be set on equipment enablement. 

23 
24 

25 Figure 6 illustrates an arrangement in which a mobile device 80, such as a mobile PC, is 

26 only enabled to display a video disc 83 at an authorized location that is stored on the disc 

27 itself. The mobile device 80 includes playback functionality 8 1 that requires the presence 

28 of an enable signal on line 82 for it to display the contents of the disc. Playback 

29 functionality includes a location reader 84 operative (regardless of whether or not the 

30 enable signal is present) to read the authorized-location data off the disc 83 and pass it to 

31 a comparison unit 86 to which is also fed the current location of the device 20 as provided 
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1 by a GPS system 85. Comparison unit 82 only generates the enable signal when the 

2 device current location corresponds to the authorized location data on the disc 83. 

3 Preferably, the video disc is encoded in a format that is only interpretable by devices 

4 having the location checking functionality built in. The relevant parts of device 80 are 

5 preferably of tamper-proof construction so as to prevent an end-user circumventing the 

6 location condition placed on access to the target information on the video disc. 
7 

8 Figure 7 illustrates an embodiment of the invention where a mobile device 90, such as a 

9 mobile PC, is only enabled to decrypt and display a video disc 83 at a location specified 

10 in a database 92 associated with an authorisation server 40. The mobile device is equipped 

1 1 with cellular radio functionality enabling it to communicate with the server 40 using a data- 

12 capable bearer service of PLMN 10. The identity of the contents of the video disc 83 is 

13 read from the disc by the mobile device 90 and supplied to the authorisation server 40. 

14 Control process 91 obtains the current location of the mobile device from location server 

15 67 of PLMN 1 0 and looks up the authorized location of playback of the contents of the 

1 6 video disc 83 by using the disc-contents identity to reference into database 92. Comparison 

1 7 process 93 compares the current device location with the authorized location. If the server 

1 8 finds that an authorized read location for the video-disc contents matches the current 

1 9 location of the mobile device, process 94 returns an enablement code (which may be a 

20 decryption key for the video disc contents, this key being held in database 92). 

21 Authorization may additionally be made dependent on the identity of the mobile PC or its 

22 user. For security reasons, the enablement code is preferably returned encrypted with a 

23 public key associated with the mobile device/user. During playing of the video disc, the 

24 content identity is arranged to be repeatedly read by device 90 so as to prevent the viewing 

25 of a different disc with different content under the authorisation granted for the original 

26 disc (this would only be possible if the discs were not encrypted or were encrypted with 

27 the same key). 
28 

29 Instead of a video disc 83, the embodiments of Figures 6 and 7 could equally be used in 

30 respect of other forms of removable data carriers or received data files (received, for 
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1 example, via an internet or intranet connection to the equipment). Furthermore, 

2 the equipment used to access the information media / data file need not be portable 

3 equipment and could, for example, be normal desktop office or home equipment 
4 

5 It will be appreciated that many different embodiments are possible in view of the variety 

6 of ways the location information and authorized-locations data can be derived. 

7 Furthermore, the desired level of security may determine the details of any particular 

8 implementation (in particular, various authentication techniques may need to be used to 

9 avoid location information being falsified). 
10 

11 It may be noted that it is possible to store the authorized-location data for the information 

1 2 media / data file in the equipment to be used for access the latter. This could be useful, for 

13 example, in restricting access to classified encrypted electronic documents of a company 

1 4 in dependence on the equipment location and classification level of a current document; to 

1 5 this end, the equipment is pre-programmed by the company with authorized location data 

1 6 (corresponding, for example, to company sites and locations within those sites) to be 

1 7 applied to particular document classification levels (the classification level of a document 

1 8 being stored with that document on the informationmedia/file concerned and being read by 

1 9 the equipment). Thus, if the current location of the equipment is such that it is authorized 

20 to read documents of a classification level at least as high as that of a current document, 

21 then the equipment is enabled to use an appropriate decryption key (for example, stored 

22 in the equipment) for reading that electronic document. In this context, the classification 

23 level of the electronic document constitutes its identity. 
24 

25 Whilst in the described embodiments the location data has been expressed in terms of 

26 absolute location data, it would be possible also to use relative location data and also 

27 semantic location data (for example, the authorised locations could be specified as all 

28 premises of a particular company, in which case there would need to be a translation of 

29 this semantic location data to real world locations through, for example, a database that 

30 specifies the absolute locations of the company's current premises). 
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1 

2 In the Figure 7 embodiment, communication with the authorisation server 40 is described 

3 as being via a cellular radio connection. It would, of course, also be possible to used a wired 

4 connection (such as a LAN connecting to the Internet) with the current location of the 

5 device concerned being obtained by any appropriate manner. 
6 

7 Where a piece of equipment has multiple functional units, different functions of the 

8 equipment can be locationally limited to differing extents. 
9 

10 It is to be understood that the present invention is not limited to the specifics of the mobile 

1 1 entity and communication infrastructure and location discovery means shown in Figures 

12 6 and 7, and the generalisations discussed above in relation to' Figures 1 to 5 regarding 

1 3 these elements apply equally to the operational context of the described embodiments of 

14 the invention. Furthermore, whilst the service system 40 is shown in Figure 7 as 

15 connected to the public Internet, it could be connected to a GPRS network 17 of PLMN 

16 10 or to another fixed data network interfacing directly or indirectly with the network 17 

17 or network 39. 
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IN THE CLAIMS 

Please replace Claims 17 as filed with amended Claim 17, 
which is set forth below. (Appendix B, which is enclosed 
herewith, shows how original Claim 17 was amended to produce 
amended Claim 17. In Appendix B, the portions being added 
are underlined; and the portions being deleted are enclosed 
in brackets . ) 

17. (Amended) A service system for determining when an item of equipment is located 
at a location where particular functionality of the equipment is authorized for use in 
accessing target data provided on a removable data carrier or in a received data file, the 
service system comprising: 

a communications sub-system for communicating with said equipment both to 
receive therefrom identity information concerning said target data, and to return to the 
equipment enablement signals for enabling said particular functionality for accessing the 
target data; 

a location-obtaining arrangement for obtaining current-location data representing 
the current location of the equipment; 

a store for storing in association with identity data, authorized-location data 
representing a predetermined authorized location or locality for operatiorj of said 
particular functionality of the equipment; 

a data retrieval arrangement for using identity information received from the 
equipment via the communication sub-system to access the authorized-location data held 
in said store in respect of identity data matches the identity information; and 

a comparison arrangement for comparing the current-location data with the 
accessed authorized-location data whereby to generate a location-match signal upon this 
comparison indicating that the equipment is currently located in said authorized location 
or locality. 
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Please cancel Claims 1-16 and 18-19, without prejudice. 
Please add the following new Claims. 

20. (New) A control method for an item of equipment that is provided with particular 
functionality for using target data on a removable data carrier or in a received data file, the 
method involving testing a location condition by: 

(a) sending identity information identifying said target data from the equipment to a 
remote service system; 

(b) using the identity information at the service system to retrieve authorized-location 
data that is associated with the target data and represents a predetermined authorized 
location or locality for operation of said particular functionality of the equipment in 
relation to the associated target data; 

(c) obtaining at the service system current-location data representing the current 
location of the equipment as determined by means other than the equipment itself; and 

(d) comparing the current-location data with the authorized-location data and 
generating a location-match signal upon this comparison indicating that the equipment is 
currently located in said authorized location or locality. 

21. (New) A method according to claim 20, wherein in step (c) the current location data 
is obtained by the service system from a location determining system separate from the 
equipment. 

22. (New) A method according to claim 21, wherein the equipment communicates with 
the service system by a communications infrastructure comprising a cellular radio 
network, the location determining system using signals associated with the cellular radio 
network to determine the location of the equipment, and the remote service system 
obtaining said current-location data from the location determining system either directly or 
via the equipment. 
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23. (New) A method according to claim 20, wherein the identity information is provided 
to the equipment along with the target data and is accessed by the equipment for sending 
to the service system in step (a). 

24. (New) A method according to claim 20, wherein the service system returns an 
enabling code to the equipment upon said first location condition and any other conditions 
set to be tested at the service system being satisfied, the enabling code being used at the 
equipment to enable said functionality. 

25. (New) A method according to claim 24, wherein the equipment periodically checks 
that the identity information associated with the target data currently being used by said 
functionality corresponds to the identity information for which the enabling code was 
provided. 

26. (New) A method according to claim 24, wherein the enabling code is specific to a 
particular functionality of the equipment 

27. (New) A method according to claim 20, wherein the target data is encrypted and the 
service system returns a corresponding decryption key to the equipment upon said first 
location condition, and any other conditions set to be tested at the service system, being 
satisfied. 

28. (New) A service system according to claim 1 7, further comprising an authorization 
arrangement responsive to the generation of a location-match signal and successful testing 
for any further conditions set to be tested at the system, to return to the equipment 
enablement signals in the form of a code for enabling said functionality of the equipment. 

29. (New) A service system according to claim 1 7, further comprising an authorization 
arrangement responsive to the generation of a location-match signal and successful testing 
for any further conditions set to be tested at the system, is operative to return to the 
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equipment enablement signals in the form of a decryption key for decrypting said target 
data. 

30. (New) A service system according to claim 17, wherein the location-obtaining 
arrangement is operative to obtain said current-location data from a location server of a 
cellular radio network used by the equipment. 
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IN THE ABSTRACT 

Please replace the Abstract as filed with the amended 
Abstract, which is set forth below. (Appendix C, which is 
enclosed herewith, shows how the original Abstract was 
amended to produce the amended Abstract. In Appendix C, the 
portions being added are underlined; and the portions being 
deleted are enclosed in brackets.) 

(Amended) 

ABSTRACT OF THE DISCLOSURE 

In order to restrict access to content data held on a removable data carrier or included in an 
electronic file, equipment for accessing this content is arranged only to be enabled upon a 
location condition being satisfied. This condition is tested for by obtaining current- 
location data representing the current location of the equipment, and comparing the 
current-location data with authorized-location data representing a predetermined 
authorized location or locality for operation of the equipment. This comparison is done 
in a remote service system after the identity of the content data has been sent to the 
system. 
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REMARKS 



The above amendments to the specification, claims, and 
abstract restrict the claims to the embodiments using a 
service system (for example, the embodiment of Figure 7) . 
All the original claims have been replaced apart from 
original Claim 17, which has been amended. The arrangement 
of Figure 6 is no longer claimed and minor changes to the 
description have been made to avoid referring to the 
arrangement of Figure 6 as an embodiment of the invention. 
The Summary of Invention has also been amended to reflect the 
changes to the claims. 



Re spe c t f u 1 ly submi 1 1 ed , 




Richard P . Berg 
Reg. No. 28,145 
Attorney for Applicant 



LADAS & PARRY 

5670 Wilshire Boulevard #2100 
Los Angeles, California 90036 
(323) 934-2300 
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Appendix A 

(VERSION WITH MARKINGS TO SHOW CHANGES MADE) 



Please amend the specification on pages 1-16 as indicated 
below. 



EL915899063US 

IN THE UNITED STATES PATENT AND TRADEMARK OFFICE 

Applicants: James Thomas Edward) RE: Preliminary Amendment 
McDonnell, et al . ) 

) Group Art Unit: not yet assigned- 
U.S. Serial No.: 10/032,000 ) 

) Our Ref: B-4458PCT 619452-2 
INTERNATIONAL APPLICATION NO . : ) 
PCT/GB01/02291 ) 
INTERNATIONAL FILING DATE: ) 
23 May 2001 ) 

For: "LOCATION-BASED DATA ACCESS) 

CONTROL" ) Date: May 30, 2 002 



Commissioner for Patents 
BOX PCT 

United States Patent and Trademark Office 
Washington, D.C. 2 0231 

Attn: India L. Evans, Examiner 

U.S. National Stage Processing 
PCT International Division 

Sir: 



Prior to examination of the above-identified application, it is 
respectfully requested that the following amendment be made to the 
Title of Invention as listed in the executed Declaration/Power of 
Attorney forms. 



IN THE TITLE 



Please change the title of invention to read: 



-LOCATION-BASED DATA ACCESS CONTROL- 



! 1 "11 > ! »' »J*"| q**"' * J«-Ji f?"-!! "*"ti 

, r ! r** J1U d» ^>,-*>- rrr -iir? Jr = t- -=..r- — «5ji!' «a-> > 



Preliminary Amendment 
May 30, 2002 
Page 2 



REMARKS 



This Preliminary Amendment amends the title of invention as listed 
in the executed Declaration/Power of Attorney forms to correct an 
obvious clerical error. 



Respectfully submitted 



Berg ^ 

Reg. No. 28,145 
Attorney for Applicant 
LADAS & PARRY 

5670 Wilshire Boulevard #2100 
Los Angeles, California 90036 
(323) 934-2300 



